Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Remember_Me() question
  • sdekkerssdekkers
    When using Ormauth, how does the remember_me cookie work?

    As far as I can see, if there's an valid user_id inside of it, it will force_login it, but we're experiencing that there's no user_id set in the cookie

    This is the way I check what's set in the cookie:

    var_dump(unserialize(\Crypt::decode(\Cookie::get('portit_remember_me'))));

    This is what's in it:
    array(3) {
      [0]=>
      array(7) {
        ["session_id"]=>
        string(32) "55f13670a5edcdbb89584a615f5185a3"
        ["ip_hash"]=>
        string(32) "bf86df795a9377f265955f06f8555d10"
        ["user_agent"]=>
        string(109) "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"
        ["created"]=>
        int(1395132071)
        ["updated"]=>
        int(1395132074)
        ["payload"]=>
        string(0) ""
        ["previous_id"]=>
        string(32) "ea49f517bc87395f11d2f4996b40568b"
      }
      [1]=>
      array(1) {
        ["user_id"]=>
        string(3) "240"
      }
      [2]=>
      array(0) {
      }
    }



    In this one there's a user_id set. Though, before I logged in this morning, this was in the cookie:



    array(1) {
      [0]=>
      array(7) {
        ["session_id"]=>
        string(32) "35a32a748c4f7aa19df53d36e2787d1c"
        ["ip_hash"]=>
        string(32) "3777498e94f31db5c8c7ca3e222479a9"
        ["user_agent"]=>
        string(109) "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"
        ["created"]=>
        int(1395129142)
        ["updated"]=>
        int(1395129142)
        ["payload"]=>
        string(0) ""
        ["previous_id"]=>
        string(32) "ea49f517bc87395f11d2f4996b40568b"
      }
    }


    What can be the reason for the user_id disappearing?
  • HarroHarro
    A remember-me cookie is a standard session cookie (i.e. equal to a session configured for cookie storage). So all configuration and restrictions for sessions apply,

    If I compare the two, I see a different IP hash (so your PC had a different iP address yesterday and today), did you configure the session for IP validation?

    In general, if something is detected that would invalidate the session, it will also invalidate the remember-me cookie.

    If this is the issue, It is created like this:

                static::$remember_me = \Session::forge(array(
                    'driver' => 'cookie',
                    'cookie' => array(
                        'cookie_name' => \Config::get('ormauth.remember_me.cookie_name', 'rmcookie'),
                    ),
                    'encrypt_cookie' => true,
                    'expire_on_close' => false,
                    'expiration_time' => \Config::get('ormauth.remember_me.expiration', 86400 * 31),
                ));

    perhaps it's better to pass all possible options, to make sure nothing from the session config is inherited?
  • sdekkerssdekkers
    Our session config is here:

    Our Ormauth config is here:

    We use 1.7/master.

    and during login we run \Auth::remember_me(); and when a user logs out we run \Auth::dont_remember_me();
    no further modifications were made..

    The IP-change is usually not the case, but was yesterday, even though on the office, where we have a static IP, I have to login manually at morning, while not logging out the day before...
  • HarroHarro
    Those two snippets are the same?
  • sdekkerssdekkers
    Sorry :P
  • HarroHarro
    Accepted Answer
    match_ip is disabled, so that can not be the cause.

    There haven't been any recent changes in Session, so 1.7/master should be up to date.

    What you can do is (temporary) swap to the 1.8/develop fuel/core/session files. I have added additional logging to the drivers (make sure you log Fuel::L_ALL!) so you can see when and why a new session is issued.

    The strange thing I see is that the session id is different, but the previous id is the same on both dumps, which is a situation that may not happen. So I'm very intrested to see what the issue is here.
  • sdekkerssdekkers
    I'll change out the session files and will let you know tomorrow.
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion